CVE-2006-2192 - CVE-2022-0001: Cisco Webex Meeting Server Integer Overflow Vulnerability
CVE ID : CVE-2006-2192
Published : June 19, 2025, 4:15 p.m. | 1 hour, 2 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 16:15:00 GMT
read more
CVE-2025-52464 - Meshtastic Public/Private Key Duplications and Low-Entropy Generation Vulnerability
CVE ID : CVE-2025-52464
Published : June 19, 2025, 4:15 p.m. | 1 hour, 2 minutes ago
Description : Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some platforms, leading to possible low-entropy key generation. When users with an affected key pair sent Direct Messages, those message could be captured and decrypted by an attacker that has compiled the list of compromised keys. This issue has been patched in version 2.6.11 where key generation is delayed til the first time the LoRa region is set, along with warning users when a compromised key is detected. Version 2.6.12 furthers this patch by automatically wiping known compromised keys when found. A workaround to this vulnerability involves users doing a complete device wipe to remove vendor-cloned keys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 16:15:00 GMT
read more
CVE-2025-6269 - HDF5 Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-6269
Published : June 19, 2025, 4:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 16:15:00 GMT
read more
CVE-2025-48886 - Cardano Hydra L1 Event Finality Vulnerability
CVE ID : CVE-2025-48886
Published : June 19, 2025, 3:15 p.m. | 2 hours, 2 minutes ago
Description : Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 15:15:00 GMT
read more
CVE-2025-49014 - jq Heap Use After Free Vulnerability
CVE ID : CVE-2025-49014
Published : June 19, 2025, 3:15 p.m. | 2 hours, 2 minutes ago
Description : jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 15:15:00 GMT
read more
CVE-2025-6268 - Luna Imaging Cross Site Scripting Vulnerability
CVE ID : CVE-2025-6268
Published : June 19, 2025, 3:15 p.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 15:15:00 GMT
read more
CVE-2024-24916 - Adobe Installer DLL Loading Vulnerability
CVE ID : CVE-2024-24916
Published : June 19, 2025, 2:15 p.m. | 3 hours, 2 minutes ago
Description : Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 14:15:00 GMT
read more
CVE-2025-6267 - Zhilink ADP Application Developer Platform SQL Injection Vulnerability
CVE ID : CVE-2025-6267
Published : June 19, 2025, 2:15 p.m. | 3 hours, 2 minutes ago
Description : A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 14:15:00 GMT
read more
CVE-2025-4738 - Yirmibes Software MY ERP SQL Injection
CVE ID : CVE-2025-4738
Published : June 19, 2025, 1:15 p.m. | 4 hours, 2 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 13:15:00 GMT
read more
CVE-2025-6019 - Libblockdev Polkit Local Privilege Escalation
CVE ID : CVE-2025-6019
Published : June 19, 2025, 12:15 p.m. | 5 hours, 3 minutes ago
Description : A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 12:15:00 GMT
read more
CVE-2025-6266 - FLIR AX8 Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-6266
Published : June 19, 2025, 12:15 p.m. | 5 hours, 2 minutes ago
Description : A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 12:15:00 GMT
read more
CVE-2005-2347 - CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability
CVE ID : CVE-2005-2347
Published : June 19, 2025, 11:15 a.m. | 6 hours, 2 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 11:15:00 GMT
read more
CVE-2025-32896 - Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability
CVE ID : CVE-2025-32896
Published : June 19, 2025, 11:15 a.m. | 6 hours, 2 minutes ago
Description : # Summary
Unauthorized users can perform Arbitrary File Read and Deserialization
attack by submit job using restful api-v1.
# Details
Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit
job.
An attacker can set extra params in mysql url to perform Arbitrary File
Read and Deserialization attack.
This issue affects Apache SeaTunnel: <=2.3.10
# Fixed
Users are recommended to upgrade to version 2.3.11, and enable restful api-v2 & open https two-way authentication , which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 11:15:00 GMT
read more
CVE-2025-31698 - Apache Traffic Server PROXY Protocol ACL IP Address Use Vulnerability
CVE ID : CVE-2025-31698
Published : June 19, 2025, 10:15 a.m. | 7 hours, 2 minutes ago
Description : ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.
This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 10:15:00 GMT
read more
CVE-2025-49763 - Apache Traffic Server ESI Plugin Remote Memory Consumption Vulnerability
CVE ID : CVE-2025-49763
Published : June 19, 2025, 10:15 a.m. | 7 hours, 2 minutes ago
Description : ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.
Users can use a new setting for the plugin (--max-inclusion-depth) to limit it.
This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 10:15:00 GMT
read more
CVE-2025-5071 - WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability
CVE ID : CVE-2025-5071
Published : June 19, 2025, 10:15 a.m. | 7 hours, 2 minutes ago
Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 10:15:00 GMT
read more
CVE-2025-5234 - WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5234
Published : June 19, 2025, 10:15 a.m. | 7 hours, 2 minutes ago
Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 10:15:00 GMT
read more
CVE-2016-3399 - "CVE-2022-1234: Apache HTTP Server Unauthenticated Remote Code Execution"
CVE ID : CVE-2016-3399
Published : June 19, 2025, 9:15 a.m. | 8 hours, 2 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 09:15:00 GMT
read more
CVE-2025-4571 - GiveWP - Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability
CVE ID : CVE-2025-4571
Published : June 19, 2025, 7:15 a.m. | 10 hours, 2 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 07:15:00 GMT
read more
CVE-2025-4965 - WordPress WPBakery Page Builder Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4965
Published : June 19, 2025, 7:15 a.m. | 10 hours, 2 minutes ago
Description : The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 07:15:00 GMT
read more
CVE-2025-5490 - WordPress Football Pool Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5490
Published : June 19, 2025, 6:15 a.m. | 11 hours, 3 minutes ago
Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 06:15:00 GMT
read more
CVE-2025-5524 - OceanWP WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5524
Published : June 19, 2025, 5:15 a.m. | 12 hours, 2 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 05:15:00 GMT
read more
CVE-2025-4479 - ElementsKit Elementor Addons and Templates WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-4479
Published : June 19, 2025, 4:15 a.m. | 13 hours, 2 minutes ago
Description : The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-50201 - WeGIA Web Manager OS Command Injection Vulnerability
CVE ID : CVE-2025-50201
Published : June 19, 2025, 4:15 a.m. | 13 hours, 2 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-52474 - WeGIA Web Manager SQL Injection Vulnerability
CVE ID : CVE-2025-52474
Published : June 19, 2025, 4:15 a.m. | 13 hours, 2 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-4367 - WordPress Download Manager Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4367
Published : June 19, 2025, 4:15 a.m. | 11 hours, 2 minutes ago
Description : The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 04:15:00 GMT
read more
CVE-2025-4661 - Brocade Fabric OS Path Transversal Privilege Escalation Vulnerability
CVE ID : CVE-2025-4661
Published : June 19, 2025, 3:15 a.m. | 12 hours, 2 minutes ago
Description : A path transversal vulnerability in
Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to
gain access to files outside the intended directory potentially leading
to the disclosure of sensitive information.
Note: Admin level privilege is required on the switch in order to exploit
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Thu, 19 Jun 2025 03:15:00 GMT
read more
CVE-2025-50183 - OpenList Frontend Stored XSS Vulnerability
CVE ID : CVE-2025-50183
Published : June 19, 2025, 3:15 a.m. | 12 hours, 2 minutes ago
Description : OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in